Expert Comments

Experts Insight On Media Giant Nikkei Hit By BEC Scam, Losing $29 Million

Expert(s): Security Experts
Expert(s): Security Experts

It has been reported that Japanese media company Nikkei Inc. is the latest organization to be hit by BEC scammers, costing the enterprise $29 million. The company confirmed last week that, in late September, an employee of its US subsidiary,”had transferred approximately 29 million United States dollars (approximately 3.2 billion Japanese Yen) of Nikkei America funds based on fraudulent instructions by a malicious third party who purported to be a management executive of Nikkei.”

Commenting on the news are the following cybersecurity professionals:

Experts Comments

Dot Your Expert Comments
Ed Macnair
November 06, 2019
CEO
Censornet

Traditional pattern matching technologies are useless against these modern techniques.
Although the gigantic cost of this scam makes it a particularly unusual and embarrassing case, it demonstrates the damage that one instance of human error can still do to organisations of all sizes. “It is important to train employees so that they notice the more sophisticated techniques used by hackers but Business Email Compromise scams take advantage of a very human desire to please a high ranking executive. In these cases, emotions appear to take over from reason. Therefore, it’s.....Read More
Although the gigantic cost of this scam makes it a particularly unusual and embarrassing case, it demonstrates the damage that one instance of human error can still do to organisations of all sizes. “It is important to train employees so that they notice the more sophisticated techniques used by hackers but Business Email Compromise scams take advantage of a very human desire to please a high ranking executive. In these cases, emotions appear to take over from reason. Therefore, it’s crucial that organisations have systems in place to prevent employees being exposed in the first instance. “Employee awareness needs to be combined with a robust, multi-layered approach to email security. Traditional pattern matching technologies are useless against these modern techniques and organisations need to combine content analysis, threat intelligence and executive name checking to efficiently protect themselves.  Read Less
Felix Rosbach
November 06, 2019
Product Manager
comforte AG

The name of the game is sophisticated identity access management coupled with verification from an actual human.
Here we have yet another example of how easy it is to steal someone's identity – given there are no countermeasures in place. The reason for this is simple: most hackers aren’t geniuses, but neither is the average employee. We’re only human after all. Sometimes we make mistakes. Sometimes we get complacent or distracted and, unfortunately, our tendency to slip up every once in a while leaves us open to exploitation. That’s why you always have to have the human element in mind when.....Read More
Here we have yet another example of how easy it is to steal someone's identity – given there are no countermeasures in place. The reason for this is simple: most hackers aren’t geniuses, but neither is the average employee. We’re only human after all. Sometimes we make mistakes. Sometimes we get complacent or distracted and, unfortunately, our tendency to slip up every once in a while leaves us open to exploitation. That’s why you always have to have the human element in mind when thinking about security. So the question is: how do we protect our organization from the phishing scheme du jour? With an increasing attack surface and an endless number of ways to get access to a company, the name of the game is sophisticated identity access management coupled with verification from an actual human. And last but not least, having solid data protection will act as a fail-safe to minimize the damage in the event of a breach.  Read Less
Martin Jartelius
November 06, 2019
CSO
Outpost24

But the best control is one that catches when the human fail.
To mitigate such a threat occurring, an excellent set of security processes need to be instilled: 1. Do not process financial transactions solely based on email 2. Do not authorize transactions over certain amounts without verification from the one instructing on the transaction. 3. Do not authorize new recipients of any transactions without an approval process within the finance team. The last step is one of the easier to implement, and it is one of the most efficient. Adding a header.....Read More
To mitigate such a threat occurring, an excellent set of security processes need to be instilled: 1. Do not process financial transactions solely based on email 2. Do not authorize transactions over certain amounts without verification from the one instructing on the transaction. 3. Do not authorize new recipients of any transactions without an approval process within the finance team. The last step is one of the easier to implement, and it is one of the most efficient. Adding a header “This email originate from outside the organization” to all emails not sent by an authenticated user from the internal email server further gives a degree of resilience, but the problem is soft – staff related – and the solution hence is also soft – implementation of soft controls. Human error is not a technical error, we can by technology empower employees to make more educated guesses, but the best control is one that catches when the human fail, which is the reason for the above recommendations.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

$2bn Startup Glovo Falls Victim To Cyberattack

Vulnerabilities Found In Wifi-routers

Experts Reaction On REvil/Sodin Behind UnitingCare Breach

Experts On IOS 0-Days Vulnerabilities Discovered

Uni Research Finds That Fertility Apps Collecting And Sharing Sensitive...

44% of Orgs. Report Breaches Due to 3rd Parties, 74%...

92% Of Organisations Who Pay Ransoms Don’t Get All Their...

Experts Comments on World Password Day

Expert Insights On Ransomware Task Force Report

Expert Commentary – Ofcom Warn People Not to Trust Caller...